Unfortunately "only for package installation" is equal to root access for eternity. The package can be constructed to install any binary as setuid root so any of the package contents can have root access for ever :(

This won't help. Once the package installation process has executed the package install scripts as root (a separate issue which I should have mentioned when talking about packages) the system must be considered as compromised and any further manual changes are worthless. In other words: Once you run the package installation, it will run programs in the package as root, and as they have full control over the system now, they can just copy them somewhere where I will not find them.

Notice that this level of paranoia is absolutely justified if we look at the history of PC gaming: There were many "copy control" mechanisms which would install DRIVERS in Windows systems to deeply hide in the system. Those drivers later turned out to have security issues themselves resulting in the system being wide open to hackers. The only conclusion is that anything which is related to closed source gaming software MUST NOT be given root privileges, not even ONCE for installation. Once root, always root.

p0s, i understand your worries, but i don't think valve will risk a bad name by doing illegal stuff. Sony was a example how not to do it, and the Linux community is known for finding security holes.. fast.

Keeping the root privileges with a complex hack might not be illegal the way they do it. Because illegal is very imprecise with software, and I bet the amount of court decisions about "keeping root privileges even though the user did not want that" is close to 0.Further, the Linux community will have a very hard time finding security issues in closed source software because it is *closed source*. Without the source code you could only read through the disassembly which is very difficult to understand and very time consuming and nobody will probably do that. Thats why *especially* closed source software such as Steam must not be run with root privilges.

And finally, consider this: What the hell would a gaming software need root for anyway?Steam should be designed in a way which makes it possible to run without any root privileges at all. Its not needed for gaming.

Keeping the root privileges with a complex hack might not be illegal the way they do it. Because illegal is very imprecise with software, and I bet the amount of court decisions about "keeping root privileges even though the user did not want that" is close to 0.Further, the Linux community will have a very hard time finding security issues in closed source software because it is *closed source*. Without the source code you could only read through the disassembly which is very difficult to understand and very time consuming and nobody will probably do that. Thats why *especially* closed source software such as Steam must not be run with root privilges.

And finally, consider this: What the hell would a gaming software need root for anyway?Steam should be designed in a way which makes it possible to run without any root privileges at all. Its not needed for gaming.

Um.

Steam doesn't need root, afaik?

Apt needs root to install it, since you're not getting the launcher in /usr/bin any other way.

If you're that paranoid, tell apt to install it in ~/.bin instead. This is seriously a non-issue.

And if you're REALLY paranoid, recursively remove the setuid bit from ~/Steam

I installed it on Fedora 17 with no root access. The only potential issue is that you will have to install any dependencies yourself. Just download the .deb package, unpack it with a zip/archive manager and run the script as a non-priviledged user.

How about this: Have Steam install everything it needs to a user definable folder and allow that folder to be moved anywhere the user wants (eg a separate drive/partition).

That way the user can carry over everything related to Steam to another computer without any messing around (aside from updating graphics driver) and it would allow multiple users to share common game files.

Btw, this is how Desura does it, except the saved games and such are stored in game specific places (eg "~/.local/share/Cogs", "~/.Broken Rules/And Yet It Moves", or just "~/.Osmos").